For 10 days, jewelry maker Michelle Espinoza thought a single photo on the social website Pinterest was going to ruin her business.
It was an image of one of the pearl cuff bracelets she designs and sells, nestled among snapshots of other coveted items that users display on Pinterest, a virtual bulletin board. Yet anybody who clicked on the picture could end up unwittingly watching pornography or downloading a virus.
“I can’t gauge how many customers I lost,” Espinoza, based in Santa Rosa Beach, Florida, said in a phone interview. “But I did have people messaging me asking, ‘Are you linked to spam?’ I was just distraught.”
When Pinterest debuted two years ago, e-mail was still the favored format for spam messages peddling diet schemes, sexual enhancement and other unsolicited services. Since then, better filters have banished more spam from inboxes, pushing tens of billions of pieces of mass marketing to social-media sites, according to Dan Olds of Gabriel Consulting Group in Beaverton, Oregon.
“Social spam can be a lot more effective than e-mail spam,” said Mark Risher, chief executive officer of anti-spam software provider Impermium in Palo Alto, California. “We see a lot of it, and we see it increasing. The bad guys are taking to this with great abandon.”
Spammers create as many as 40 percent of the accounts on social-media sites, Risher said. About 8 percent of messages sent via social pages are spam, approximately twice the volume six months ago, he said.
The looser the controls, the more prevalent the fake accounts. While Facebook Inc. (FB:US), the world’s largest social network, has matured enough to spot and stop much of the attempted spam, younger entrants like Pinterest have yet to erect effective blockades.
Erica Billups, a spokeswoman for Palo Alto-based Pinterest, declined to make executives available for interviews.
“As a growing service, Pinterest is not immune to challenges faced by sites across the Web including spam,” she said in an e-mailed statement. “Our engineers are actively working to manage issues as they arise and are revisiting the nature of public feeds on the site to make it harder for fake or harmful content to get into them.”
Some 50,000 people may open a spam message on Facebook within one hour, Chester Wisniewski, senior security adviser in Vancouver for anti-spam vendor Sophos Ltd., said in an interview. Spammers can make money by advertising goods for vendors, selling their own products, stealing personal information through surveys, or installing viruses that can grab consumer data.
“For an average Facebook scam, it’s easily on the scale of e-mail scam,” Wisniewski said. “It’s a rather mature economy of con artists.”
Facebook and Twitter Inc. -- social media’s old guard -- have bulked up on programmers and security specialists to deflect spam. When that fails, they go to court.
In January, Facebook sued Adscend Media LLC, accusing the company of running scams on fraudulent pages designed to bait users into visiting other websites. A typical lure cited in Facebook’s suit: “You will be SHOCKED when you see this video. Simply “Like” this page to see the video.”
At least 280,214 users were tricked into interacting with spam set up by the defendants in the case, Menlo Park, California-based Facebook said, calling the practice “Likejacking.”
About 80 percent of Adscend’s monthly revenue of $1.2 million came from Facebook scams at one point in time, the social network said. Adscend said this month it settled the case for $100,000 without admitting wrongdoing.
Twitter last month sued Skootle Corp., JL4 Web Solutions, a man affiliated with TweetBuddy.com and four other individuals, claiming that they were responsible for spam that had caused some users to cancel accounts. Twitter said it spent more than $700,000 to combat spam attacks by the defendants.
TweetBuddy.com created software to automate the creation of fake accounts and mass distribution of tweets, Twitter said in the suit. TweetBuddy.com also sold Twitter accounts to spammers, according to the court filing.
“We hope this suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter,” the company said in a blog posted the day it filed the lawsuit. The Tweet Buddy site now says its products have been pulled from the market and urges users to comply with Twitter’s terms of service.
Twitter, based in San Francisco, also set up software to analyze links posted on the site and shut down any containing malware or malicious content, which helped eliminate hundreds of thousands of abusive accounts.
“Tens of millions of dollars are spent on our site integrity systems including hundreds of full time employees,” Facebook spokesman Frederic Wolens said.
Facebook has been expanding its URL blacklist system, which uses data from partners including Intel Corp.’s McAfee to detect and block known threats. Facebook Immune System inspects every action on the site, using the reputation of the cookie or IP address involved to halt any suspicious action.
Pinterest encourages users to form a virtual neighborhood watch and report spam before it spreads. Last month, Pinterest posted a blog suggesting that consumers use a “Report Pin” button to identify spam.
On Pinterest, spam often lurks in the embedded links attached to photos, making it tricky for users to spot. Espinoza, the 40-year-old jewelry maker, said she contacted the company at least 10 times in as many days before the fraudulent links tied to images of her bracelets were banished.
Lauren Williamson, a 31-year-old in suburban Chicago, didn’t even sign up for Pinterest to get spam from the site. After somebody else used her e-mail for a Pinterest account, she now gets several spam messages each week. She said she e-mailed Pinterest twice attempting to fix the problem and then gave up when she got no response. She says the messages keep coming.
“I get e-mails from mortgage brokers and online retailers,” she said in an interview. “It’s an annoyance.”
To contact the reporter on this story: Olga Kharif in Portland, Oregon, at email@example.com
To contact the editor responsible for this story: Tom Giles at firstname.lastname@example.org